Just installed OpenWRT 12.09 in my router, but became a little confused about interfaces/bridges/vlans.

After my first boot, I logged in and set my root password, so I used Luci to activate my Wi-Fi, and took me a little to figure out that I could bridge Wi-Fi with LAN to get access to the internet. But I ended up with two problems:

The DHCP addresses are been provided by my ISP (which is bad since I have to pay an extra fee for each IP)

I can't block SHH access from the Internet/WAN, so my router is a bit vulnerable.

How should I configure—preferably by Luci—to do the following:

DHCP provided by this router to my Internal devices, with resolving of DNS

Properly configure my interfaces so I can allow SSH only on internal (WAN/radio0) interface

Which and why I should choose to use bridge or VLAN? This article, doesn’t explain it, nor provide any clue.

Some notes:
- I'm a Gentoo Linux user, so I consider myself a good learner, but haven't yet found any good references for OpenWRT.
- My device is TP-Link TL-MR3020 by the way it has only one LAN/eth0 interface and one wirelss/radio0 one.

1 Answer
1

I have tried OpenWRT before and I have installed the WebGUI to help, you may refer to LuCI Essentials for setting up Web User Interface by LuCI. Access through web browser to configure your router such as turning on SSH and set some other configurations will be easier through Web UI.

Edit 1.

So you have 3 questions, I separate them and try to pin point the solution one by one for easy understanding.
One things have to declare that, since my Router is turned from OpenWRT to DDWRT and then turned into Tomato. So I used VM(Virtual Machine) for screen capturing and solutions writings. Please forgive if there is 1 or 2 slight points difference. I think it is same most of the case, since I used VM to try OpenWRT before I flash to my router.

Preparations: (in case you haven't done so), the LuCi will be accessed later when your router is configured to be accessible by local area network machines. Extracted from LuCI Essentials

1. My external address (lan/eth0) provided by the ISP modem (so I can't simple block port 68 in this interface)
I suppose you mean to get the external address, right?
Actually, when you setup the router to get the DHCP from your ISP(modem) then your external address will be appeared in LuCi later.

Up to this point, when you open your client computer such as Windows 7, open a browser, type in 192.168.100.1 (your case), then you should see the OpenWRT interface in browser. Password is nothing by default.

Something like this screen:

2. DHCP provided by this router to my internal devices, with resolving of device names (DNS)

When you can connect to your router through client computer browser, you can go to Network -> Hostnames to manually assign hostname to specific devices if those device does not have hostname or does not resolve automatically. (in my case, default have no problem)

3. Properly configure my interfaces so I can allow ssh only on internal (wan/radio0) interface

For sure I've already read LuCI Essentials, actualy I've said before that I prefer that someone helps me to make the config by LuCI (third paragraph) and that I configured a bridge by LuCI (second one) can you help me to understand what I'm supposed to do with my interfaces, to achieve my pointed objectives?
–
RafareinoApr 16 '14 at 11:58

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes.
–
RaystafarianApr 16 '14 at 12:55

Please add the informations from your link to your answer, because if the site is offline, the answer will be useless.
–
Christian WoerzApr 16 '14 at 13:03

Sorry for my too short answer. Let me see how to illustrate the answer easier. @Raystafarian and c0dev, thanks for pointing out, acknowledged. Will do it asap after tomorrow for it is too late for me here due to time difference.
–
simongccApr 16 '14 at 16:34

I have edited the answer as Edit 1. Hope this help.
–
simongccApr 17 '14 at 13:11